Cannot link with en external application

Jorge Sánchez July 21, 2017

I need to stablish a connection from JIRA with an external application via SSL.

The error received is : "The server 'https://greenhopper-dev.app.alcatel-lucent.com:443' is not reachable: javax.net.ssl.SSLException: java.security.cert.CertificateException: No name matching greenhopper-dev.app.alcatel-lucent.com found"

It seems like the server is not include in the certificates file /opt/atlassian/jira/jre/lib/security/cacerts, but the server is reachable via command line interface pointing to the same file .

> java -Djavax.net.ssl.trustStore="/opt/atlassian/jira/jre/lib/security/cacerts" SSLPoke greenhopper-dev.app.alcatel-lucent.com 443
Successfully connected

The option "-Djavax.net.ssl.trustStore="/opt/atlassian/jira/jre/lib/security/cacerts" " is include in the file setenv.sh and so ,is included in the variable JAVA_OPTS when jira starts.

please, any idea about why is failing the SSL connection?

Best regards

Jorge Sanchez

2 answers

0 votes
Jorge Sánchez July 21, 2017

The cacerts file is owned and accesible to the JIRA service.

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 21, 2017

Is the cacerts file owned by and accessible to the user running the JIRA service? 

Jorge Sánchez July 21, 2017

Yes. The cacerts file is accesible to the user running the JIRA service

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 21, 2017

That is odd, I cannot see a single thing that might even be wrong with this. 

I would check the running system as below and check the -D appears in there (it does not in mine, I've got a single key for a different reason)

ps -ef | grep -i jira
nic      10681 10666  0 18:41 pts/0    00:00:00 grep -i jira
charlie  14058     1  0 Jul02 ?        01:18:21 /opt/jira-7.1/jre//bin/java -Djava.util.logging.config.file=/opt/jira-7.1/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms384m -Xmx1520m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -Djavax.net.debug=ssl -Djavax.net.debug=all -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=/home/charlie/.certs/atlasclient.p12 -Djavax.net.ssl.keyStorePassword=***************** -XX:+PrintGCDateStamps -XX:-OmitStackTraceInFastThrow -Djava.endorsed.dirs=/opt/jira-7.1/endorsed -classpath /opt/jira-7.1/bin/bootstrap.jar:/opt/jira-7.1/bin/tomcat-juli.jar -Dcatalina.base=/opt/jira-7.1 -Dcatalina.home=/opt/jira-7.1 -Djava.io.tmpdir=/opt/jira-7.1/temp org.apache.catalina.startup.Bootstrap start

Suggest an answer

Log in or Sign up to answer